Fortinet, Inc. (FTNT) Earnings Call Transcript & Summary

It's Keith Bachman here. We're thrilled to have various members of Fortinet. And I'm going to do 2 things to start off. One, I'm going to hand it over to Peter to do some safe harbor. And then Peter, if you want to actually introduce on your side, just so investors know who's available for Q&A on behalf of Fortinet. So go ahead, Peter.

Peter, are you on mute?

There you go. Can you hear me, Keith?

Yes, sir.

Okay, sorry about that. Yes, so I'll just quickly lay on the safe harbor, just want to share our safe harbor language. Anything we say today is as of today's presentation, we take no obligation to update any forward-looking statements that we will make. You can all screenshot this and read it later at your leisure [indiscernible]. But anyway, with me today, I have Chief Financial Officer, Keith Jensen; also have our Chief Marketing Officer and EVP of Products; John Maddison with us as well. Mr. Bachman, I will turn it back over to you.

Okay. Keith, I don't want to hurt your feelings, but I'm going to start with John, if I could. And John, as I look at the industry level for what we loosely call the firewall business, the numbers had been better over the last couple of quarters than they were, if I use calendars, over the course of calendar year '19, particularly '19. And certainly, Fortinet has been strong throughout that period, but it seems like firewall demand has been better. And one of your competitors reported last night and while not necessarily generating the type of growth that you are, particularly in products, the industry growth seems to be better. And I just wanted to see if you'd offer, any of you, that would suggest that you think demand across the industry is better. And if be it, if you would support that, then what do you think some of the drivers are, whether work from home or otherwise?

Yes, good question. So I think that maybe 2 or 3 years ago, people thought that cloud comes this, unless there's a need for firewalling, and in fact, there's more of a need. And so the big drivers of sub security. The 3 big drivers: one is threat landscape and that involves the compliance and regulatory; and then infrastructure, and infrastructure has changed dramatically in that you are moving applications around. You are adding more devices. People right now are working from home. And that changes the architecture you need. And they just stop the need to protect the new edges. So now you've got this WAN edge [indiscernible] with SD-WAN. We've always added data center edge with applications moving into [ band ]. You've got cloud edge. You've even got a home edge, I believe, these days. So all those edges need protecting, and the best way to do that is through a firewall. The other component, if you go way back, go back 20 years, you had firewalls and you had switches and routers. And firewalls and switches haven't really changed that much for the last 20 years. It's just got much, much faster. On the other hand, firewalls have had to add more and more security functionality as a threat landscape change. So what used to be just a firewall and a VPN, you add a next-gen firewall application control IPS. More recently, we know we've added SD-WAN functionality in there, Wi-Fi controller. So mixture is back to this kind of conversion. So it's a combination of the infrastructure evolving, so needing more flexibility, more firewalls to make sure you protect the edges, which you're repairing as opposed to a very small perimeter of data center. And then just the fact that because of the threat landscape and complexity, you've added more functionality. So a lot of customers will have to upgrade or change the application status and services offer on those markets.

John, do you think there's been any pull in, so to speak, with the work-from-home dynamic? I know BMO, I mentioned this, I think, to you guys before, but we had to buy some incremental firewalls in March and actually in even a June quarter. Do you think there's been incremental pull in associated with the pandemic, the requirements on architecture associated with the pandemic rather?

Yes. Because another one of the convergent there was traditionally, you had a separate, what we call, VPN access. So it's is secure access. You might have used IPsec or SSL VPN technologies, encryption basically. And a lot of that technology got implemented and integrated into the firewalls. So they were using the firewalls file, but also using it to garner or create access on work from home. Now we get a lot of customers who have gone to around 10% to 15% of their users connected by a VPN. And all of a sudden, kind of long clearly, had to go to 100%. So they had to ramp. Now luckily, we use security processes and ASICs inside our systems, which allow us to offload the CPU from things like encryption to allow the customers to add a lot of capacity, but still they needed to maybe add some additional capacity. So I think there's been a bit of a bump from that VPN access upgrades. Some of our competitors definitely couldn't handle the load, and that's why they upgrade and change. And so there was definitely a work-from-home aspect to some of the [ offices ].

Yes. I think we -- I'm not sure we were ready for 10% of our workforce on the VPN level, but that's a different discussion. Let me just throw another question out about the dynamics associated with the industry. And that is to say, in 2 to 3 years, where do you think the industry will be in terms of physical firewalls, virtual firewalls and cloud firewalls, which may be different things? In other words, physical as a service and cloud would be the 3 categories versus where it is today as an industry?

Another good question. I think Gartner has been saying for the last few years that virtual machines will be -- virtual firewalls will be up 10% of firewalls by 2022, I think something like that. And that's actually tracking pretty closely. There is a new category, Firewall-as-a-Service, cloud firewalls, as we're trying to take the data. I think the majority of that business is still secure with gateway as a service or Zero Trust -- I mean that's still the majority of the business there. Are you implementing enterprise file the cloud edge? No, but we'll change that. That will change and our recent acquisition of OPAQ Networks, allows us to implement a full enterprise-class firewall or the cloud edge. And so I think that we're gradually -- I think that will gradually change. Can I make a prediction? No, I'm going to -- will say maybe in 2 or 3 years' time, 10% cloud and 15%, 20% virtual. There's still going to be a heavy need for appliances in -- one because of some of the areas you need really hyperscale speed in 5G networks. We still got customers building hyperscale data centers. And the other thing is interestingly enough is that although there was a big need to try and move to the virtual firewalls, things like SD-WAN, it hasn't worked whatsoever. And so you'll still need appliances for that. So I still think in even 2, 3 years' time, 70% of the market will still need appliance. And for us, that means accelerated SD-WAN [indiscernible].

Right. Right. Okay. Okay. Let's shift for a second to the competitive dynamics. And I guess I'll throw this out. But where are you guys seeing most of your competitive advantage? So we talked a lot in the last couple of years about SD-WAN as being a key driver. I think you said on the last quarter, it's 12% of your billings. Where else, particularly as you go against Palo Alto and Checkpoint, what do you think is driving your wins in addition to SD-WAN? And where are you losing, and why?

I don't remember saying any losses, Keith? Do you?

No. Hang on, this is being recorded. I want to pull that back. We may have a lot more.

I would say definitely our ability to support for most use cases. So think about a firewall today, it's got 15 use cases. And that gets us the ability to find a use case that the customer needs, whether it be consolidating IPS, whether it be application, whether it be traditional stateful firewall and VPN access, we talked about earlier, the list goes on. And so why do we do very well is finding a use case the customer needs, presenting a system that can work 2 or 3x faster at least for that use case. And then being able to add consultant to some other systems around it because we can run quite a few use cases on the network firewall. I would say that's where we're doing extremely well. And across the spectrum whether that be SMB enterprise [indiscernible].

I'd probably just add to that, Keith, I think in terms of where competitive displacements are challenging, it's exactly that, when they're the incumbent and we're not the incumbent. I think there's a homefield advantage that vendors know how to leverage, if you will. I think why we're successful, to John's point, is with the ASIC we're bringing at a cost advantage, if you will, in terms of the performance that we offer in a cost-effective fashion, which, in this environment, I think, is very important. I would overlay that advantage in saying when you can provide an integrated and automated solution because that takes some of the stress off the CIO and the CISO, I think that extends that effectiveness advantage, if you will, and I think we're successful in those environments.

Okay. When you're -- when a customer tells you that SD-WAN is important to you, so they bring you in, you make a bid, who else are they looking at as a competitor to Fortinet in that instance?

Well, it's mostly traditional networking. So you got the big theme that's in there right now is this convergence between networking, wider networking, more networking or quite access and security. And so usually, the networking team will start on SD-WAN project. It will go naturally to the networking vendors. It shows -- this will -- one of the start-up in our [indiscernible] cloud was an [indiscernible] of course. When they certainly realized that the security team need to be involved in that. And sometimes, they'll start looking at security companies. And so on one, again, we'll see a security company. But mostly, it's obviously the networking companies. And that gives us a unique value prop to the CIO and the CISO to able to provide that security and networking on a single device.

Okay. Okay. And specifically on Palo Alto, are you seeing -- for firewalls, are you seeing Palo Alto more in the last 3 months than you saw them last year?

I wanted to say so. I mean I do a lot of, what we call, executive briefing every week, more so at least within 2 or 3, it feels like I'm doing 8 to 10 this week in the virtual world, which is good. It's good to speak to people, see what's going on. I wouldn't say I've come across them any more than I would before. They've always -- I've always come across them more in the U.S. than I have done big thing for Europe or right back, for example, [indiscernible].

Okay. Okay. And is there any change in the win rates that -- and months the data that you're getting, Keith or Peter, on your competitive bid against Palo Alto, in particular?

I go back and look at the win rates a few weeks ago for the second quarter. And I just walked away from it. I was really pleased with the progress that we're making in our win rates. I think the clear dynamic is we'll be going against somebody that's the incumbent, if you will, versus the company has been displaced and now it's an open bid. Overall, I think the win rate progress, again, that we saw in the second quarter, we were very pleased with that.

Okay. Has CloudGenix from Palo Alto had any impact? It doesn't sound like it.

We didn't really see them that much before they had a small installed base in the U.S., mainly, we didn't want to cost them that much. We do want to cost them since the acquisition [indiscernible]. It's more of Cisco and being one now and again, still be [indiscernible] small, but they seem to -- since the acquisition -- maybe the acquisition makes people [indiscernible] upon quite as well. Those are the 3 views that went across.

Okay. Okay. We'll raise it up to a higher level, again, SASE is the new market term. Where do you guys see the opportunity for your -- for Fortinet? And where do you see some of the challenges?

Well, it was interesting, if you look at the definition of SASE, which is this convergence of networking the security, that's something we've been doing since the foundation of the company, just that we were doing it through our appliances and our ASICs and those machines. And now we can also do that through cloud as well. So that piece of SASE fits very well into our spectrum. And another part of SASE was this framework of 12-plus products, which act as a platform. And again, I don't have a bit of fabric concept. So that fits exactly into that. So we were actually quite happy with the SASE definition and implementation. I'm not sure about the name SASE, but that's okay. And so it's gotten this name. And we have all the pieces. We have all -- we have the SD-WAN. We have the next-gen firewall, the CASB, the WAF. And then the recent acquisition just built up a small piece in there, which was the Firewall-as-a-service or the cloud version. So now we have all the components for SASE. And we're not saying -- I don't see any customers say, I want to implement 12 products all integrated together straightaway, but we do want to implement 2 or 3 products and converge this networking and security under a single orchestration system, which gives them then the ability to automate both on operational part as well as any response to something that happened.

Right, right. Okay. Okay. I want to come back to the fabric, if I could. There's a couple of different pieces I want to try to understand before we get to the acquisition. Let's talk about a few areas, endpoint and network access, in particular. Can you give us any metrics on where you are in traction and what you see the opportunities here within the total contracts, the fabric?

Well, I'll let Keith speak to the numbers, but...

You could have a qualitative conversation description, John, if you would. We will fasten quantitative point of view.

I don't really like speaking numbers. But it's a very interesting area because, again, we can think about it, you've now got this convergence of endpoints at all, and I can tell you, every conversation had with the CIO, sometimes a SISO, less so, but it's a 10 agents sitting on their endpoint business. This is too many agents. It slows things down, they can't manage it. So what we see is, again, convergence of agents that traditionally, you had something for your VPN to that for access. Then maybe you had something for endpoint protection, traditional kind of endpoint protection. Then you have something more recently for EDR for [ POS ] detection or advanced detection response. Maybe you had Zero Trust agent out there for software-defined parameter. Maybe you had a NAC agent on there. I'm talking is about something where you can't get an agent right now. We see all those things long-term converging as a single agent not right now and not in the next few years, and that gives us a lot of capabilities to the endpoint marketplaces, which was getting fragmented. But again, you can see now this -- again, this competition. So network agents along with now with security agents, and that gives us great capabilities to install a single agent in the future and offer 4 or 5 business services. The NAC piece to us is being more focused on where you can't get an agent, network access control, where a lot of the IO people are just concerned about devices that have that agents that just are coming on off of the network. And we're getting great success in combining that kind of managed endpoint, with the unmanaged endpoint, agent on an agent plus to give a total view of everything that's coming and going at the permit of the network.

But if I go back to endpoint for a second, I mean, there's a few vendors doing really well. CrowdStrike and Carbon Black, right? It's seems -- I'm not sure that runway slows down at all for growth. But how does Fortinet fit into competing against very strong companies such as those?

Well, we actually have made a great acquisition in silo, which was competing very well against those companies for EDR. And in, I think, recent testing for AV-Comparatives to beat both of those companies. And so for us, it's not for a question of saying, how do we take it? It's degraded into our platform as we go forward. But more so, is how do we make sure that the salespeople are enabled durable to sell that, selling traditional endpoint versus detection response versus other capabilities is different. Selling a firewall, it's different. So we focus on making sure -- because they're not specialized sales force. They're just less so with Carbon Black now as they get integrated into VMware. That's what happened to this company, we get less in that specialized. CrowdStrike obviously very specialized. So we will run-up against them. We do well against them, and we are able to get into a test.

Okay. Mainly what that would assume within your installed base?

Could be, might not be. I mean I've seen quite a few new deals with -- 40 EDR. Again, that's our upscaling system, the 40 whatever it does. So easily look at our product portfolio names. It does really work actually against people like CrowdStrike and Carbon Black.

Okay. Okay. I want to stay within the fabric, if I could. And the areas -- if you could talk a little bit about some of the solution portfolios like SIM and SOAR, how they're doing? And maybe also just comment on how investors should be thinking about the overall growth of the fabric, if you add it up, the individual pieces that comprise the fabric?

Yes. Look, the fabric we split into kind of endpoint and the [indiscernible] control authentication. And then we have the [indiscernible] networking, which is SD-WAN, network firewall, wireless access, Internet and now SASE, we have a dynamic cloud security, which is security for the cloud, whether it be applications, whether it be platform or whether it be the network. And then we have a dedicated portfolio of products which are for our security operations, which consists -- obviously, we just talked about endpoint as well as breach prevention, detection. And then SIM saw instant response. And what we're seeing all the success there, that's obviously the customers also MSSP and partners want to take those products and then provide services on top. So definitely, I'm seeing some traction with MSSPs and service providers. We want to take that portfolio of security operation operated products and then sell us back into the customers that don't have the teams. When you look at all our customers, even some of the big customers that a mature SOC, which security operations organization, so you need to outsource some of that [indiscernible].

And if you aggregate it in, where do you think the most target-rich opportunities within the various products and services you just mentioned versus -- and how does that filter up to the way investors should think about the aggregate growth levels?

Well, we see opportunity in all those markets. I mean what I didn't -- what I just touched on briefly was [indiscernible] SD-Branch, for example, is a great marketplace, where we combine SD-WAN. We combine wireless access, ethernet access, control. We provide 5G integrated 5G control. So again, is those marketplaces where we can see consolidation happen in convergence, and we're able to take -- unless we're a smaller customer, do you take the whole platform called fabric. You don't take other. You'll take a use case or will try and protect one specific threat vector or a specific organization or a specific set of data. And so that's been a good example, just focus on the use case of the branch. But we'll also see, for example, our WAF in data centers and cloud, especially are doing well as WAF becomes just as important as a firewall. So WAF, we consider our platform able to cover the entire attack surface. We get one use case, then we can pull that out use case across multiple products. The key for customers long term and building the fabric is not so much easy get some consolidation some benefits, some operational benefits, but then you can actually build automation into your systems so that audience can talk to Wi-Fi and then talk to SD-WAN, they can talk to cloud, they can build out this automational response on the fine.

Right. Where are you finding the most traction with the fabric in terms of, as I think about the solution set, large enterprise is an opportunity, SD-WAN, particularly in branch is a great opportunity. Yet if I look at some of the other solution sets, it would seem to be more aligned to the SMB community, but maybe just offer your feedback on that idea.

Well, I think that's where the challenge lies some ways. So products have road maps that make them stand-alone enterprise-class, but also fit into the fabric. And either work for us. I would still say that a very large Fortune 10, Fortune 50 customer still have silos or security and networking and then within networking with staple firewall and then route. I mean they're just big companies. So I'm not going to go and say to some of those company hey put everything on a single platform. That's not going to happen. So actually go down marketplace the file break becomes more attractive, and we see customers adding more and more products because they can consolidate and save cost, operational costs. In the marketplace, we really see growing use case simply. So our SD-WAN, for example, currently SMB and [indiscernible] has to be enterprise class. And that's now support the use cases and features and functions. So I wouldn't say that it's -- the contract itself is specific to the SMB, it gets more attractive as fully go down marketplace. But we'll see, for example, somebody who put in SD-WAN and Firewalls-as-a-service together. I mean they link in a couple of use cases. So I wouldn't say specific to SMB, the platform concept.

Okay. Okay. Because if it is more SMB-oriented, it seems over time SMB will migrate more towards the cloud. And so it might put that fabric growth more at risk, if that were to be true.

Yes. But we also offer -- I think we need to differentiate between security for the cloud and from the cloud. So for the cloud, have a specific portfolio of products. But we can deliver our products from the cloud already. E-mail, WAF, a lot of it platform fabric products are already available in that cloud format.

Yes. Okay. Okay. Let me turn to talk about your recent acquisition, OPAQ. And how does this -- tell me a little bit about the acquisition. Why do you do it? What capabilities do you think it generates?

OPAQ Networks. What we liked about them, there's 3 things we liked about them: One was we actually thought about this cloud Firewall-as-a-service and thought about what it means to provide a high performance for its people. A lot of this current systems, I won't talk -- I won't give you names, current systems use VPN, use in clouds, which are rate limited, you can't burst on them. This latency built into them. So they actually design a network, network-as-a-service, actually based on a hardware. And really did that is so they could have the highest performance available. And then what they did was they make sure they had a good footprint. Then they made sure they have good pay points into the application areas like EWS, could and SaaS. They also then built a pretty sophisticated orchestration system, which allow them to orchestrate that not only in the cloud but on-premise or we get connecting them quickly. And then they also allow their products to be part of that ecosystem because that's a very important part going forward. A lot of times, SaaS companies have actually kind of -- [ we provide ] to their partners since they don't have any value. And the channel becomes a bit upset about that. And so we wanted to make sure the channel was heavily involved in that, not only our traditional kind of reseller channel but also our service provider partners. So it ticked up all the boxes for us. And how does that option, the customers were sort talk us about in giving that cloud protection.

Right. And what's the competitive threat or opportunity for you guys? Who, in particular, is this going to help you against, or which company, I should say?

Well, I think if you've seen the marketplace for the last 3 or 4 years, there's been quite a bit of consolidation. And it used to be just SD-WAN vendors and security vendors. And you could pay quickly, you could come and play nicely in that environment, not more. I mean just look at the acquisitions over the last few years. And so really there's a few companies out there who have taken that approach or put everything together. And the team will be kind of do that. And so the usual culprits will be out there, Cisco and Palo Alto Network kind of do that. These data is there, but it hasn't got an SD-WAN offering of products. So it remains to be seen if they had that to there. But I think the companies will win long term the ability to the right enterprise-class for each use case SD-WAN, Firewall-as-a-service or WAF and then bring it together in a platform orchestration and automation.

Okay. All right. Let's talk about a few more things. You brought up Zscaler. It's going to bring them up. This comes up, I think, almost every conversation we have in a big group is, friend or foe. And it seems like Fortinet is having success selling with Zscaler. But at the same time, if you talk to the Zscaler sales rep, their value proposition includes replacing a lot of firewalls. But how do you see this dynamic playing out over the next couple of years?

I don't understand that when they say that because I've never seen one of our firewalls replaced by the Zscaler. What they think very good at is replacing Blue Coat proxies. So we've got waste of service. That's what I think of that. And it allows them to kind of provide a single policy across on-network and off-network users and a lot of responsibility that gets strong back at them and they have to take that. So I don't get the Firewall-as-a-service question. I think we're in a lot of accounts, maybe by accident in that, the customer, we've got our SD WAN, and they provide some of the security capabilities. As that's what's happened. I think in the end, there definitely -- we have enterprise case being tested by all sorts of different third-party organization. This is what [indiscernible]. Well, they say they've got good security. Who knows? What is the -- that security? I think you say it's good. It's such a good on data sheet, you believe that. And so in our minds, when obviously will be competing a bit more against Zscaler as we go forward because we'll be able to offer not only that SD-WAN and WAN edge security, but also the cloud edge, the cloud edge security. And so definitely, we've gone from [ band ] . And I think this happened not only to us but also Palo Alto, used to when I also, for example, some of the other SD-WAN vendors kind of combined. And now I don't -- you've just got one piece of the [indiscernible], they say, I think you're going to struggle.

Okay. Are you see -- are you competing against them more, you think, today than you were 6 months ago for reasons you just mentioned?

I think OPAQ acquisition is only 3 weeks. So -- but we've got to roll it out to channel and salespeople and everyone else. And so that -- I mean, it's going to take a couple of months. But definitely, as we go forward, we will. And also what I think customers -- customers I speak to, they definitely want to make sure they're involved in some of these architectures and conversations with the cloud edge capabilities. It's very important to them.

Yes. Well, I think this is going to be very interesting to watch this in particular. Let's go to Secop. Secop seems to be taking a bigger role in terms of decision-making, customer power. Tell us a little bit about how you're thinking about Secop as an opportunity for Fortinet to gain incremental share of wallet of the customers?

Yes. It's definitely shifted a bit in that. If I look at the additional frameworks that the CISO will use by the next or ISO, we're seeing a lot more minor these days actually. And they've shifted a bit of funding into the -- more to detection response area. That's why you've seen quite a new -- quite a lot of new vendors pop up from everywhere. Well, we also see a big need still for protection of the billings of breaches. We saw 1 billion ransomware attacks in 2019. So it's truly about traditional protection in there. But we're definitely seeing a bigger investment in the detection capabilities. And then once you find something, how do you get that automated across from a response perspective. And if you do find something that's going to get you in there then how do you make sure you provide good incident information around that. So again, you saw [ an ] acquisition from our friends down the road. And so these are all components we've had. I mean if you look at some of the latest acquisitions there, we've had these components for some time and integrated them. So I think the security operations -- when I look at the purchase, I say the trends of detection response with more investment in there. Definitely, customers want to make sure that you have machine learning and AI built in so that you can be as predictive as possible. So you're not waiting. Definitely some postdetection, some of our EDR products, for example, has postdetection there, which is extremely important because sometimes you just can't stop it, it's going to get in. So you just wait and then, but the postdetection notifies it, so that's another break capability. I mentioned the automation. We also mentioned it earlier on, outsourcing of these components. So it's a big area. I think what I see happening on the security operations side is that we just have bigger scope now across the infrastructure to make some -- to influence and make some decisions around choices and policies. But -- and I still see video resistance, but it's going away of integrating products into the networking side. Really a good example is IPS, where it's been an info sec product for a long time. It always was an info sec product. And most of the mid-market has gone expanded quite into next-gen firewall. There's still a $1.5 billion marketplace out there that's sitting in the silos of maybe larger companies, but I can see that turning into next-gen firewall business as you go forward.

Does it require a change in go to market, particularly with large enterprise?

Well, what they particularly wanted is the security teams do want to control over the policies for IPS. And also, if they wanted to try out a signature, they didn't want to affect the firewall that's been some resistance, but that always can -- when we can partition off IPS console that we can test signatures separately and other things. So I think that all the reasons they did have for that not integrating is going away. And if you look at all the IPS vendors, they're pretty much underlining a lot of the products as we go forward. So to me, it comes back to that firewall marketplace having lot of use cases. I mean people refer to it as firewall. As I said, there's 15 to 16 different use cases that can sit on a firewall, IPS just being one of them.

Okay. Okay. Let me turn to -- sorry, my questions just close out. So I want to talk to FortiCare -- talk about FortiCare technical support increased 22% to $181 million, helped by mix shift, 8x5 to 24/7 was up 9 points. Where does that -- where can that go? I think, Keith, you said it was 64% of the mix. How high can that go do you think? And what are the reasons for any boundaries associated with that?

Yes, I'll just jump in quickly in front, John, on this one. We've pretty much taken 8x5 support off the price list. The last run this a quarter or 2 ago. So pretty much anything that -- any new sale is going to continue to be 24/7. We see some pretty impressive shifts in our billings mix. We disclosed the revenue mix, obviously, the billings mix is a leading indicator. So the combination of taking it off the prices and looking at our billings mix shift, we expect that's going to continue on for an extended period of time. There was an acceleration. It had been moving last year at about a 1 point clip quarter-to-quarter in terms of that mix shift. It jumped up to about 2 points. And again, I think that's what we call the shifting price less.

So Keith, do you think this is still a multiyear journey in terms of the help you're getting for billings associated with 24x7? And is it a fair...

John's made this point to me before. I mean, really in the cybersecurity world, 8x5 support, there is very little use cases or very few use cases and 8x5 is actually worthwhile having. You really need 24/7 securities.

Right. And is the impact the same over the next couple of years? Or has the magnitude become less impactful to the billings growth?

Yes. I don't think that's something that we've really spoken specifically to. I think the tangents that we've been on whether there's 1 point shift, the 2 point shift. I think those are the neighborhoods that we'll be looking at Q2.

Okay. Okay. Okay. And a few more financial questions, but I want to throw one more big-picture question out, as we come to the close. And John, this goes back to you. If you think about the industry over the next 2 to 3 years, is -- and you put dimensions around product growth and then subscription growth. And I know there's a maintenance category that's in there as well. But is product growth, which would be driven by firewalls, is that 0, something greater, something lesser for the industry? And then most of the growth is derived around something called subscriptions? Or how would you encourage investors to think about the industry dynamics associated with the business?

Yes. Well, I think the macro one is definitely consolidation. And there's just so many vendors out there and companies that it's very fragmented. If you look at some of the respective industries, I would say that from a big picture perspective, customers are looking to put security where they need it because it's secured anywhere. That might be on the cloud edge, maybe on the WAN edge, maybe for the data center, maybe back in the campus, and maybe at home. And so you need to put on some time. It isn't going to exist in pressure. So whether that be an appliance, whether that be [ special ] machine. I still think you are going to need product to enable you to deploy that security measures in different [ areas ]. So I still think product is going to be an important aspect. I still think the industry could grow that way. When we deliver that product be delivered as an appliance or is it cloud or is it a machine? I think that, as we said, it changes a bit automatically. But still, we're going to need products to deploy business. People change their infrastructure. But operating technology areas, factories, whether IP enabling or all sorts of industries whether IP-enabling devices or if any physical implementations there. And so I still see product as being very important and what is -- services are important. And we definitely have rolled out up our share of services, [indiscernible] but still product is important.

Okay. Let me throw a few quick ones out for Keith. Keith, on the last call, you did bring up -- you indicated you saw some discounting. That hasn't come up in a while. And is that -- you think that, that's going to be something that's relevant while we continue to struggle on a global basis with the economic growth? Or any characterization you want to provide there would be helpful.

Yes. I think you need to frac up in terms of what our product gross margin is down. It was up over 300 basis points. And that was net of a small headwind, if you will, from the discounting. And I thought it was only fair because I talked about discounting being a tailwind for the prior 2 quarters, I think it was. I think it's just -- I think it's a reflection of the economy, the recession that the U.S. and other countries were in, and I think discounting was a very natural thing. At the same time, we've been very open that we're in a position of leveraging our balance sheet, whether that was some extended payment terms or through discounting and other vehicles, to try and help our customers, our channel partners and our end users through this difficult time. So I think we saw a little bit of it in the second quarter, but I think it's more pandemic-related than anything else.

Okay. Yes, fair enough. I mean your margins continue to be outstanding. Which leads me to my second to last question is you've guided to margins for the year, 26% to 27% type of levels. And as investors look longer term, what do you think some of the considerations should be surrounding the opportunities or risk associated with your operating margins, in particular, as you look beyond what you've guided for this year?

I think we provided guidance for the third quarter, if you will, the numbers that you're talking.

Yes, sorry. Yes, third quarter.

I know. I think the -- we remain committed to balanced growth and profitability. We've been executing on that for probably 3 years now. And I don't think that's changing. We also said at the beginning of the year that within that equation, if you will, balance between growth and profitability, we thought prepandemic that, that would tilt towards growth, particularly as we saw it in the first quarter. I think also that the -- keep in mind that there has been a savings for us in the second quarter, we saw about 2 basis points from travel. And really what we're trying to do right now is reinvest that in sales, headcount and other growth vehicles, marketing events that John hosts, et cetera, such that when we do exit the pandemic, we have a -- we're prepared to continue with that growth part of the equation because those salespeople that we're hiring today will be 10 years presumably productive as in a postpandemic world.

Yes. Because as this will be my last kind of comment, part of the narrative, I think, from investors is Palo Alto -- excuse me, Fortinet, starting to see some slowdown. And product revenues did slow a little bit. Now there is an economic backdrop. But anything -- I think that's what was weighing on the stock post your quarter. Anything in concluding remarks you want to offer up as it relates to the narrative that Fortinet's starting to see a little bit slower growth as we finish off here.

Yes. I think it'll be interesting as we get some -- down the road and look back at what the pandemic was like for us, particularly on specific geographic specific basis. I think in the pandemic world with our diversification, where we're able to show over 14% billings growth and 18% revenue growth. It's still pretty impressive. And I do think there was it in the second quarter, particularly in the U.S., or Latin America. Obviously, we will have to the process of setting guidance for the third quarter to [indiscernible] quarter of experience in terms of the pandemic, what we should expect about close rates, but also the health of our pipeline, which was, I think, very impressive for us. And having the month of July behind us. It's still early. We still have half the quarter to go, both in terms of the calendar days and probably a little bit more than that in terms of billings. But it is trying to feel a little bit like the third quarter is perhaps a little bit more like the first quarter and a little bit less like than the second quarter.

Right, right. Okay. Okay. Well, just 2 observations. John, if that's a microphone in front of you, that is the biggest microphone I think I've ever seen. The second observation, I feel compelled to say, I think Peter would be disappointed if I didn't, at least, say the words, real estate. I'm not going to actually ask any questions about it. So I'm just doing that for Peter's benefit. Peter, I said the word, so I hope you're happy. But with that said, I think we're going to end it here. I know a lot of investors have to jump at salesforce.com call. So on behalf of BMO, we certainly appreciate Fortinet's collective time. It's been really interesting, and we look forward to chatting more. So again, thanks, everybody, and have a great day.

Thank you, Keith. Appreciate it.